REMARKS 


Claims 1-52 are pending in the application. Claims 1, 3-18, 21-24, 26, 28- 
43, 46-49 and 51 have been amended. Claim 52 is newly added. 
Reconsideration of this application is respectfully requested. 

The Office Action rejects claims 1, 2, 4, 5, 10, 11, 13-16, 18-22, 26, 27, 
29, 32, 34, 35, 37-40, 42-47 and 51 under 35 U.S.C. 102(e) as anticipated by 
U.S. Patent No. 6,212,635 to Reardon, hereafter Reardon 635. 

This rejection is inapplicable to amended independent claims 1, 26 and 51 
because Reardon 635 lacks one or more features recited in these claims as 
discussed below. 

Independent claims 1, 26 and 51 have been amended to recite: "a plurality 
of object receptacles that comprises a portion of one or more of said nodes, two 
or more of said object receptacles being connected to said security console". 
Reardon 635 discloses a single token reader 14 connected to security gateway 
12 and not two or more object receptacles as recited in amended claims 1, 26 
and 51 . Thus, Reardon 635 lacks the above quoted recitation and, therefore, the 
rejection is inapplicable to independent claims 1, 26 and 51 as amended. 

Independent claims 1, 26 and 51 have also been amended to recite: "said 
data-carrying object being inserted into a selected one of said two or more object 
receptacles that reads out the security-related data". Since Reardon 635 has 
only a single token reader, not a plurality of token readers, Reardon 635 also 
lacks this recitation. Therefore, the rejection is inapplicable to independent 
claims 1, 26 and 51 as amended. 

Independent claims 1 , 26 and 51 have also been amended to recite: 
"wherein a desired security configuration of said information system is based on 


14 


said security-related data and said selected receptacle". Reardon 635 discloses 
only a single token reader and, therefore, has no capability of basing a security 
configuration on both data recorded on the token and a selected one of two or 
more token readers. 

In addition, the present invention is quite different than Reardon 635. In 
the present invention, the placement or other physical usage of the physical key 
is used to control the security setup of the system, which, e.g., users (for 
instance) are allowed to access which devices. This is in contrast to the prior art, 
in which physical keys such as switches and smart-cards are used for 
authentication. In this prior art, a user uses a physical key primarily to prove his 
identity to the system. This prior art assumes that the security configuration of 
the system, which user is allowed to access which device is controlled through a 
traditional software user-interface (or, in other cases, the prior art is silent on the 
subject of how the security configuration is done)." 

The Examiner contends that since Reardon 635 both uses tokens (for 
user authorization) and refers to security configuration (through the use of 
traditional user interfaces such as menus), Reardon 635 also teaches the use of 
tokens for security configuration. But this is reading far beyond what Reardon 
635 actually says. In Reardon 635, the user inserts a token to prove to the 
system that the user is authorized to do security configuration, and then uses 
traditional user input such as menus to actually change the configuration of the 
system. This teaches directly away from the present invention, an advantage of 
which is to avoid the confusing and error-prone process of doing security 
configuration through traditional interfaces such as menus, and instead allows 
security configuration to be done through the movement of physical tokens. 

In a preferred embodiment of the present invention, it is possible to 
determine which users are permitted to do which actions on which devices by 
examining the placement of physical tokens. In the prior art (including Reardon 
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635), a determination of which users are permitted to do which actions on which 
devices involves interacting with a traditional software interface. The fact that a 
user may have to prove his identity using a token before he is able to access that 
software interface is irrelevant to the present invention. Where the present 
invention uses the tokens to actually perform the configuration actions, Reardon 
635 only teaches using a token to prove that the user is permitted to do 
configuration via a traditional menu interface. Interestingly, the Examiner, in fact, 
says exactly this in the current response, specifically: "... Reardon 635 explains 
how tokens can be configured by one in possession of the MASTER TOKEN". It 
is exactly this fact about Reardon 635 (that the tokens are used for authorization, 
not for actually carrying out the configuration) that teaches away from the present 
invention. 

Reardon 635 simply does configuration only if one is in possession of a 
certain token. In contrast, the present invention does configuration by 
manipulating tokens. For example, amended independent claims 1 , 26 and 51 
recite the insertion of an data carrying object into one of plural receptacles with 
the configuration being based in part on the selected receptacle. 

The Examiner seems to be interpreting the phrase, "token-based 
configuration" that occurs in Reardon 635 as teaching the present invention, but, 
in fact, Reardon 635 in context is using the phrase to mean simply "configuration 
that can only be done (via a traditional user interface) once the user has 
authenticated himself via a token", which is entirely different from the present 
invention. 

For the reason set forth above, it is submitted that the rejection of claims 
1, 2, 4, 5, 10, 11, 13-16, 18-22, 26, 27, 29, 32, 34, 35, 37-40, 42-47 and 51 under 
35 U.S.C. 102(e) as anticipated by Reardon 635 is inapplicable and should be 
withdrawn. 
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The Office Action rejects claims 3, 6, 7, 28, 30 and 31 under 35 U.S.C 
103(a) as unpatentable over Reardon 635 in view of U.S Patent No. 5,434,562 to 
Reardon, hereafter Reardon 562. 

This rejection does not apply because the combination of Reardon 635 
and Readon 562 lacks the features noted in the above discussion of amended 
independent claims 1 and 26, from which claims 3, 6, 7, 28, 30 and 31 depend. 
Reardon 625 was cited for an entirely different purpose and does not supply the 
above noted deficiencies of Reardon 635. 

Claims 6, 7, 30 and 31 have been amended to recite multiple data 
carrying objects and multiple receptacles. Reardon 635 discloses a single token 
and a single token reader. Readon 562 does not disclose any tokens or token 
readers. Thus, the combination of Reardon 635 and Readon 562 does not teach 
amended claims 6, 7, 30 and 31. 

The Office Action suggestion to use Reardon 635 in combination with 
Reardon 562 is improperly based on the hindsight of Applicants' disclosure. 
Such hindsight reconstruction of the art cannot be the basis of a rejection under 
35 U.S.C. 103. The prior art itself must suggest that modification or provide the 
reason or motivation for making such modification. In re Laskowski , 871 F.2d 
115, 117, 10 USPQ 2d 1397, 1398-1399 (CAFC, 1989). "The invention must be 
viewed not after the blueprint has been drawn by the inventor, but as it would 
have been perceived in the state of the art that existed at the time the invention 
was made." Sensonics Inc. v. Aerosonic Corp . 38 USPQ 2d 1551, 1554 (CAFC, 
1996), citing Interconnect Planning Corp. v. Feil , 774 F. 2d 1132, 1138, 227 
USPQ 543, 547 (CAFC, 1985). 

For the reason set forth above, it is submitted that the rejection of claims 
3, 6, 7, 28, 30 and 31 under 35 U.S.C. 103(a) is inapplicable and should be 
withdrawn. 
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The Office Action rejects claims 9, 23-25, 33, 48, 49 and 50 under 35 
U.S.C 103(a) as unpatentable over Reardon (635) in view of U.S Patent No. 
6,389,542 to Flyntz, hereafter Flyntz. 

The Examiner admits that Reardon 635 does not disclose or teach that an 
insertion of a data-carrying object into a first receptacle indicates different 
security-related information than insertion of the object into a second receptacle. 
The Examiner contends that Flyntz has a teaching, citing column 3, lines 30-36, 
which when combined with Reardon 635 makes these claims obvious. 

Flyntz discloses a single smart card that is used to gain access to different 
classification levels of data. The column 3 citation merely describes the case 
where the smart card is granted access to a sensitive data memory 15. In this 
case, the smart card outputs an actuation signal that causes the system 
containing memory 15 to be connected to the computer system. The only 
teaching is to use a single smart card and a single card reader for a selection of 
one of three different memories to the computer system. Thus, a combination of 
Reardon 635 and Flyntz would merely use Flyntz's single smart card for Reardon 
635's single token, which would be read by a single card reader. Thus, the 
combination of Reardon 635 and Flyntz lacks the multiple data-carrying objects, 
the multiple object receptacles and a security configuration based in part upon 
which receptacle a data-carrying object is placed as recited in amended 
independent claims 1 and 26 from which claims 9, 23-25, 33, 48, 49 and 50 
depend. 

With respect to claims 23-25 and intervening claims 21 and 22and to 
claims 48-50 and intervening claims 46 and 47, neither Reardon 635 nor Flyntz 
discloses a token or smart card that is authorized on behalf of a principal as 
recited in these claims. 
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For the reason set forth above, it is submitted that the rejection of claims 
9, 23-25, 33, 48, 49 and 50 under 35 U.S.C. 103(a) is inapplicable and should be 
withdrawn. 

The Office Action rejects claims 12, 17, 36 and 41 under 35 U.S.C 103(a) 
as unpatentable over Reardon (635) in view of U.S Patent No. 6,193,163 to 
Fehrman et al., hereafter Fehrman. 

This rejection does not apply because the combination of Reardon 635 
and Fehrman lacks the features noted in the above discussion of amended 
independent claims 1 and 26, from which claims 312, 17, 36 and 41 depend. 
Fehrman was cited for an entirely different purpose and does not supply the 
above noted deficiencies of Reardon 635. 

With respect to claims 12 and 36, the Examiner contends that "the data 
carrying objects are provided as a pair" is taught by Reardon 635, citing column 
3, lines 63-67. This citation refers to a public key/private key pair that is recorded 
on a token. The token is read by a single token reader and not by a selected one 
of a plurality of token readers as recited by independent claims 1 and 26. 
Therefore, Readon 635 does not teach this recital in claims 12 and 36. 

With respect to claims 17 and 41, the Examiner ignores the base claims 1 
and 26 and the intervening claims 13 and 37. For example, amended claims 13 
and 37 recite a group of at least three data-carrying objects. Neither Reardon 
635 nor Fehrman discloses a group of at least three data-carrying objects. Also, 
neither Reardon 635 nor Fehrman discloses providing one subset of the group to 
a receptacle connected to the information appliance and a disjoint subset of the 
group to a receptacle connected to the security console as recited in amended 
claims 13 and 37. 
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For the reason set forth above, it is submitted that the rejection of claims 
12, 17, 36 and 41 under 35 U.S.C. 103(a) is inapplicable and should be 
withdrawn. 

Newly presented claim 52 is modeled after claim 6 and additionally recites 
that the data-carrying objects are physical and that the security configuration 
gives access to a resource of one of said information system by said information 
appliance and said information appliance by said security console. New claim 52 
is patentably distinct from the cited references for at least the reason set forth in 
the discussion of claims 1 and 6 and is, therefore, allowable. 

It is respectfully requested for the reasons set forth above that the 
rejections under 35 U.S.C. 102(e) and 35 U.S.C. 103(a) be withdrawn, that 
claims 1-52 be allowed and that this application be passed to issue. 


Respectfully Submitted, 
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